Q: I thought “vendor C” has a device that could analyze even encrypted traffic. Is that correct?A: Correct, several vendors do claim analysis of encrypted traffic data without decryption. It is real and based on many types of interesting research in data analytics and even hard science. For example, some vendors can tell an interactive session (a shell) wrapped in HTTPS from regular HTTPS web traffic.

However, it is absolutely clear that what can be achieved by a sum total of such innovative methods is dramatically less compared to what can be done on plain text data. Any salesy claims that such methods “are almost as good as analyzing plan text data” are not really true. Or, they define the word ”almost” in some proprietary way

Naturally, vendors who perform only flow-based vendors analysis are unaffected by encryption. They are no less effective on encrypted traffic, but the question whether they were effective without layer 7 visibility in the first place remains.